Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
File: 966E1C18CCE911EBAB17776BC4F9AE02.roa (raw, json)
Hash identifier: iqZ4WroIGZet68OzcfaJACKEbT3MyfuYmao6ENQpHew=
Subject key identifier: 60:6C:2F:E3:9B:A9:DF:63:3F:10:8E:75:36:52:C9:63:99:60:AB:2E
Certificate issuer: /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial: BF66
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
Signing time: Thu 03 Jul 2025 05:47:55 +0000
ROA not before: Thu 03 Jul 2025 05:47:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 4758
IP address blocks: 43.239.62.0/24 maxlen: 24
45.118.16.0/22 maxlen: 22
45.118.16.0/24 maxlen: 24
45.118.17.0/24 maxlen: 24
45.118.18.0/24 maxlen: 24
45.118.19.0/24 maxlen: 24
45.118.20.0/22 maxlen: 22
45.118.20.0/24 maxlen: 24
45.118.21.0/24 maxlen: 24
45.118.22.0/24 maxlen: 24
45.118.23.0/24 maxlen: 24
45.118.24.0/22 maxlen: 22
45.118.24.0/24 maxlen: 24
45.118.25.0/24 maxlen: 24
45.118.26.0/24 maxlen: 24
45.118.27.0/24 maxlen: 24
45.118.28.0/22 maxlen: 22
45.118.28.0/24 maxlen: 24
45.118.29.0/24 maxlen: 24
45.118.30.0/24 maxlen: 24
45.118.31.0/24 maxlen: 24
103.70.96.0/24 maxlen: 24
103.195.208.0/24 maxlen: 24
103.195.209.0/24 maxlen: 24
103.195.210.0/24 maxlen: 24
103.195.211.0/24 maxlen: 24
103.195.212.0/24 maxlen: 24
103.195.213.0/24 maxlen: 24
103.195.214.0/24 maxlen: 24
103.195.215.0/24 maxlen: 24
103.195.216.0/24 maxlen: 24
103.195.217.0/24 maxlen: 24
103.195.218.0/24 maxlen: 24
103.195.219.0/24 maxlen: 24
137.59.128.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Tue 29 Jul 2025 15:26:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 48998 (0xbf66)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Validity
Not Before: Jul 3 05:47:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6866198b-99c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:db:ae:58:44:11:7f:5e:d7:c9:ac:1a:f9:56:
c8:00:61:a8:c8:2b:33:f5:8c:dc:60:b6:9e:32:1a:
f7:6f:d4:7c:89:39:9c:3a:97:36:f3:ed:02:b3:86:
73:83:86:3b:90:0d:df:26:79:74:b3:b2:bf:54:38:
79:e1:8b:e8:01:d6:8e:07:f7:29:dc:78:16:c4:cd:
9a:52:6d:25:bd:74:83:a7:e8:f5:e5:7f:7a:4f:1e:
7a:2a:1f:c0:ce:2d:61:6d:e1:f6:6f:f7:f2:20:de:
b2:32:22:71:71:06:bc:cd:dc:70:81:f4:bc:f6:ac:
18:b5:56:0d:e6:ed:70:63:34:a1:1a:da:1c:22:3c:
22:b9:4e:cd:68:d1:89:fb:6c:40:30:62:f9:d7:19:
f1:4a:b1:81:e9:ca:24:7e:c2:c0:7d:35:df:d3:7f:
49:b8:79:78:e4:19:02:cc:fe:4e:17:f5:e0:91:af:
34:7f:51:52:de:36:83:51:40:bb:37:36:08:f2:e8:
0e:64:59:48:ee:d9:9c:30:13:27:1d:f9:d1:2a:95:
1d:f6:b2:c3:a6:cf:07:81:e7:63:62:c2:01:f7:7d:
48:3e:8d:b4:6a:1f:59:39:82:62:27:9f:96:ea:f6:
2b:e4:dc:88:9e:0e:5d:e2:d4:f9:91:db:8d:60:ee:
a3:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:6C:2F:E3:9B:A9:DF:63:3F:10:8E:75:36:52:C9:63:99:60:AB:2E
X509v3 Authority Key Identifier:
keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/966E1C18CCE911EBAB17776BC4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.62.0/24
45.118.16.0/20
103.70.96.0/24
103.195.208.0-103.195.219.255
137.59.128.0/22
Signature Algorithm: sha256WithRSAEncryption
5f:7d:da:ad:6d:10:ee:e4:5c:5e:95:fb:89:23:5e:f6:02:ec:
f7:e7:99:c4:6d:e4:84:16:d7:42:30:a2:c9:16:32:cc:9b:77:
03:ef:fa:b3:79:92:ef:21:bf:3c:3c:f3:eb:12:45:63:b5:aa:
a7:2e:29:26:be:09:60:be:f1:06:b3:6b:8c:e6:3c:d2:8d:76:
c0:6c:13:8b:1a:d4:2e:bb:f2:0b:c7:ac:34:58:7e:b3:d6:52:
17:01:b3:47:f2:62:e8:49:c9:78:b4:cd:99:8b:39:9f:58:3c:
7c:c5:88:ca:87:93:4b:1f:c5:2e:ef:47:cf:ca:76:39:b7:87:
ce:8e:63:d3:9e:8c:aa:02:cc:17:b8:fa:b6:65:74:bb:f4:40:
58:37:12:23:dc:2f:d3:3a:bb:b9:ed:81:a1:fc:5e:11:0d:89:
b2:f7:f7:99:0d:49:00:b5:a8:3c:57:1c:c6:be:39:da:c0:8b:
41:cd:f1:f4:46:6a:7b:72:20:05:18:ba:ec:f6:6d:d1:9a:bb:
ba:1d:ce:cc:29:9f:aa:ff:84:39:48:b9:b6:bc:f9:61:07:2f:
a2:bb:78:09:1b:92:a3:bc:dc:de:3e:a2:12:51:54:b2:b7:67:
52:6b:c5:be:0c:3f:15:16:d0:cf:3e:a9:82:30:29:3c:58:f4:
b5:2e:1b:3f
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIDAL9mMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDcwMzA1NDc1NVoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjg2NjE5OGItOTljMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMfbrlhEEX9e18msGvlWyABhqMgrM/WM3GC2njIa92/UfIk5nDqXNvPtArOG
c4OGO5AN3yZ5dLOyv1Q4eeGL6AHWjgf3Kdx4FsTNmlJtJb10g6fo9eV/ek8eeiof
wM4tYW3h9m/38iDesjIicXEGvM3ccIH0vPasGLVWDebtcGM0oRraHCI8IrlOzWjR
iftsQDBi+dcZ8UqxgenKJH7CwH0139N/Sbh5eOQZAsz+Thf14JGvNH9RUt42g1FA
uzc2CPLoDmRZSO7ZnDATJx350SqVHfayw6bPB4HnY2LCAfd9SD6NtGofWTmCYief
lur2K+TciJ4OXeLU+ZHbjWDuozsCAwEAAaOCArUwggKxMB0GA1UdDgQWBBRgbC/j
m6nfYz8QjnU2UsljmWCrLjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzk2NkUxQzE4
Q0NFOTExRUJBQjE3Nzc2QkM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMD8GCCsGAQUFBwEHAQH/
BDAwLjAsBAIAATAmAwQAK+8+AwQELXYQAwQAZ0ZgMAwDBARnw9ADBAJnw9gDBAKJ
O4AwDQYJKoZIhvcNAQELBQADggEBAF992q1tEO7kXF6V+4kjXvYC7PfnmcRt5IQW
10IwoskWMsybdwPv+rN5ku8hvzw88+sSRWO1qqcuKSa+CWC+8Qaza4zmPNKNdsBs
E4sa1C678gvHrDRYfrPWUhcBs0fyYuhJyXi0zZmLOZ9YPHzFiMqHk0sfxS7vR8/K
djm3h86OY9OejKoCzBe4+rZldLv0QFg3EiPcL9M6u7ntgaH8XhENibL395kNSQC1
qDxXHMa+OdrAi0HN8fRGantyIAUYuuz2bdGau7odzswpn6r/hDlIuba8+WEHL6K7
eAkbkqO83N4+ohJRVLK3Z1Jrxb4MPxUW0M8+qYIwKTxY9LUuGz8=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:23:51 2025 by rpki-client